[Ffmpeg-devel] H.264 errors/leaks found with valgrind
Baptiste Coudurier
baptiste.coudurier
Fri Mar 9 20:59:39 CET 2007
Hi
Haakon Riiser wrote:
> While running valgrind on a program that uses ffmpeg, I've discovered
> some minor bugs in ffmpeg's h.264 decoder. The (potentially) most serious
> one is in golomb.h: Valgrind claims that buf is used uninitialized in
> get_ue_golomb(). Specifically, in this line:
>
> if(buf >= (1<<27)){
>
> Because buf is (supposed to be) initialized through a series of macros,
> it was a bit of a hassle to investigate it further. It can easily be
> reproduced using any h.264 stream and ffplay. I've made available
> a tiny h.264 clip on http://folk.uio.no/hakonrk/tmp/h264.avi which is
> used in the following examples:
>
> $ valgrind ffplay h264.avi
> [...]
> ==5552== Conditional jump or move depends on uninitialised value(s)
> ==5552== at 0x42BB4FB: get_ue_golomb (golomb.h:54)
> [...]
>
>
> There is also a memory leak:
>
> $ valgrind --leak-check=yes ffplay h264.avi
> ==5625== 9,768 bytes in 1 blocks are definitely lost in loss record 3 of 4
> ==5625== at 0x401DBF8: realloc (vg_replace_malloc.c:306)
> ==5625== by 0x4875B1F: av_realloc (mem.c:120)
> ==5625== by 0x41C92D4: av_fast_realloc (utils.c:72)
> ==5625== by 0x430017D: ff_combine_frame (parser.c:245)
> ==5625== by 0x43B3FFC: h264_parse (h264.c:8025)
>
> The interesting lines are probably parser.c:245
>
> pc->buffer= av_fast_realloc(pc->buffer, &pc->buffer_size, (*buf_size)
> + pc->index + FF_INPUT_BUFFER_PADDING_SIZE);
>
> and h264.c:8025
>
> if (ff_combine_frame(pc, next, (uint8_t **)&buf, &buf_size) < 0) {
>
> I don't know whose responsibility it is to free the memory
> allocated this way, but I assume it's not the application
> developer's responsibility.
>
Indeed, an even more specific log is attached.
flags: fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat
pse36 mmx fxsr sse up
p3 mobile 1ghz
#define ARCH_X86_32 1
#define ARCH_X86 1
#define __CPU__ 586
#define TARGET_MMX 1
#define restrict __restrict__
#define ASMALIGN(ZEROBITS) ".align 1<<" #ZEROBITS "\n\t"
--
Baptiste COUDURIER GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A. http://www.smartjog.com
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312
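As an added example (not code from this thread or from FFmpeg), the mechanism that typically produces a report like the one above, on the assumption, which the thread itself does not state, that the bit reader fetches 32 bits at a time and therefore reads beyond the last payload byte: a minimal Exp-Golomb decoder over a buffer whose trailing padding has been zeroed, with PADDING_SIZE and the sample bitstream constructed for the example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for FF_INPUT_BUFFER_PADDING_SIZE; the value is an
 * assumption for this example, not taken from the thread. */
#define PADDING_SIZE 8

typedef struct {
    const uint8_t *data;  /* payload followed by PADDING_SIZE zeroed bytes */
    size_t total_size;    /* payload bytes + PADDING_SIZE */
    size_t size_bits;     /* bits of real payload */
    size_t pos;           /* current bit position */
} BitReader;

/* Fetch the next 32 bits without consuming them. The reader pulls whole
 * words, so near the end of the payload it reads into the padding; the
 * assert documents that the padding must exist for this to be in bounds. */
static uint32_t peek32(const BitReader *br) {
    size_t byte = br->pos >> 3;
    uint64_t w = 0;
    assert(byte + 5 <= br->total_size);
    for (int i = 0; i < 5; i++)
        w = (w << 8) | br->data[byte + i];
    return (uint32_t)(w >> (8 - (br->pos & 7)));
}

/* Decode one unsigned Exp-Golomb code ue(v): n leading zeros, a 1, then n
 * info bits; value = 2^n - 1 + info. (FFmpeg's buf >= 1<<27 test is the
 * n <= 4 fast path.) Codes over 31 bits or past the payload return -1. */
static int get_ue_golomb(BitReader *br) {
    uint32_t buf = peek32(br);  /* the lookahead valgrind flagged */
    int n = 0;
    while (n < 16 && !(buf & (0x80000000u >> n))) n++;
    if (n == 16 || br->pos + 2 * n + 1 > br->size_bits) return -1;
    br->pos += 2 * n + 1;
    return (int)((buf >> (31 - 2 * n)) - 1);
}

/* Copy a payload into a buffer with PADDING_SIZE zeroed bytes after it.
 * realloc-style growth leaves the tail uninitialised, so without the
 * memset every word peek32 reads past the end is uninitialised memory. */
static uint8_t *make_padded(const uint8_t *payload, size_t n) {
    uint8_t *p = malloc(n + PADDING_SIZE);
    if (!p) return NULL;
    memcpy(p, payload, n);
    memset(p + n, 0, PADDING_SIZE);
    return p;
}

/* Constructed 19-bit sample: ue codes for 0, 1, 2, 3, 7. Returns the idx-th
 * decoded value; idx 5 hits the exhausted payload and yields -1. */
static int decode_sample(int idx) {
    static const uint8_t payload[3] = { 0xA6, 0x41, 0x00 };
    uint8_t *buf = make_padded(payload, sizeof payload);
    BitReader br = { buf, sizeof payload + PADDING_SIZE, 19, 0 };
    int v = -1;
    if (!buf) return -2;
    for (int i = 0; i <= idx && i < 6; i++) v = get_ue_golomb(&br);
    free(buf);
    return v;
}
```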
Attachment: log.txt <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070309/d3a376df/attachment.txt>